Hey Maxime,

Thanks for the details.

This is kind of expected behavior, as you mentioned in the bug description. If you want to enable both Ubuntu authenticated servers and the DHCP ones, I think the solution is to set authselectmode to "ignore" in the chrony.conf file.

---

Here is the documentation of chrony on the authselectmode:

authselectmode mode

NTP sources can be specified with the key or nts option to enable authentication to limit the impact of man-in-the-middle attacks. The attackers can drop or delay NTP packets (up to the maxdelay and maxdistance limits), but they cannot modify the timestamps contained in the packets. The attack can cause only a limited slew or step, and also cause the clock to run faster or slower than real time (up to double the maxdrift limit).

When authentication is enabled for an NTP source, it is important to disable unauthenticated NTP sources that could be exploited in the attack, e.g. if they are not reachable only over a trusted network. Alternatively, the source selection can be configured with the require and trust options to synchronise to the unauthenticated sources only if they agree with the authenticated sources and might have a positive impact on the accuracy of the clock. Note that in this case the impact of the attack is higher. The attackers cannot cause an arbitrarily large step or slew, but they have more control over the frequency of the clock and can cause chronyd to report false information, e.g. a significantly smaller root delay and dispersion.

This directive determines the default selection options for authenticated and unauthenticated sources in order to simplify the configuration with the configuration file and chronyc commands. It sets a policy for authentication.

Sources specified with the noselect option are ignored (not counted as either authenticated or unauthenticated), and they always have only the selection options specified in the configuration.

There are four modes:

require
    Authentication is strictly required for NTP sources in this mode. If any unauthenticated NTP sources are specified, they will automatically get the noselect option to prevent them from being selected for synchronisation.

prefer
    In this mode, authentication is optional and preferred. If it is enabled for at least one NTP source, all unauthenticated NTP sources will get the noselect option.

mix
    In this mode, authentication is optional and synchronisation to a mix of authenticated and unauthenticated NTP sources is allowed. If both authenticated and unauthenticated NTP sources are specified, all authenticated NTP sources and reference clocks will get the require and trust options to prevent synchronisation to unauthenticated NTP sources if they do not agree with a majority of the authenticated sources and reference clocks. This is the default mode.

ignore
    In this mode, authentication is ignored in the source selection. All sources will have only the selection options that were specified in the configuration file, or chronyc command. This was the behaviour of chronyd in versions before 4.0.

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2155165

Title:
  chrony does not select NTP servers from DHCP: : no required source in selectable sources
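
The four authselectmode policies quoted in the message above, modelled as an added example (not part of the original message and not chronyd's own code). The `Source` class, the `effective_options` function and the `.example` source names are assumptions made for illustration; the rules follow the quoted documentation text only.

```python
from dataclasses import dataclass, field

MODES = ("require", "prefer", "mix", "ignore")

@dataclass
class Source:
    name: str
    authenticated: bool = False   # configured with the key or nts option
    refclock: bool = False        # reference clock rather than an NTP source
    options: set = field(default_factory=set)  # options written in the config

def effective_options(sources, mode="mix"):
    """Return {name: selection options} after the authselectmode policy."""
    if mode not in MODES:
        raise ValueError(f"unknown authselectmode: {mode}")
    # Sources configured with noselect are not counted as either kind.
    counted = [s for s in sources if "noselect" not in s.options]
    ntp = [s for s in counted if not s.refclock]
    have_auth = any(s.authenticated for s in ntp)
    have_unauth = any(not s.authenticated for s in ntp)
    result = {}
    for s in sources:
        opts = set(s.options)
        if "noselect" not in s.options and mode != "ignore":
            unauth_ntp = not s.refclock and not s.authenticated
            if mode == "require" and unauth_ntp:
                opts.add("noselect")
            elif mode == "prefer" and unauth_ntp and have_auth:
                opts.add("noselect")
            elif mode == "mix" and have_auth and have_unauth and not unauth_ntp:
                # Authenticated NTP sources and refclocks become mandatory.
                opts |= {"require", "trust"}
        result[s.name] = opts
    return result

# Constructed sample: one NTS-authenticated server plus one DHCP-provided server.
SAMPLE = [
    Source("nts.example", authenticated=True),
    Source("dhcp-ntp.example"),
]

if __name__ == "__main__":
    for mode in MODES:
        print(mode, effective_options(SAMPLE, mode))
```

In this model the DHCP-provided source is selectable on its own terms only under "ignore"; under "mix" it stays selectable but the authenticated source carries require and trust.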
